[RndTbl] Solaris/UNIX root-like file access

[Trevor Cordes]

On 2015-05-04 Kevin McGregor wrote:
> Is that possible/feasible? In Windows, there's a group called "Backup
> Operator" which does something like this. Is the only alternative in
> Solaris to make the account a member of the "root" group? I don't care
> about e.g. device files and the like. I just want the account to be
> able to back up regular ZFS user-type file systems.

That's a perennial UNIX question.  I'd like to know the answer too!

Personally, on Linux boxes where groups aren't used at all for user
files I want backed up (they are all just Samba shared as the owner), I
use samba settings to ensure all files are group "backup" or similar
and group readable.  Cheesy, but it works because I 100% control access
to those files via limited daemons.

If your situation isn't similar (i.e. you are using groups for something
meaningful, or want to backup whole-systems like including /etc) then
that is useless.

I'm sure there's an ACL solution, and I'm (pretty) sure Solaris has
ACL's.  However, something about making a zillion ACL's just to do
backups rubs me the wrong way.  Sure, if the ACL's are small enough
they'll just get stored in the inode (I think), but I'd sure hate to
waste a fs block just for an ACL if it didn't (if there already were
ACL's on the files, selinux, etc).

I hope some other members will give a more useful answer...

(It would be nice if there was a standard, automatic UNIX account called
root-ro!)

(Oh ya, and dump/restore should be able to bypass all inode user/group
restrictions, but use at your own risk.)